autotel 4.1.0 → 4.2.0

package/src/validation.ts

@@ -1,246 +0,0 @@
-/**
- * Input validation for events events and attributes
- *
- * Prevents:
- * - Invalid event names
- * - Oversized payloads
- * - Circular references
- * - Sensitive data leaks
- */
-
-import type { EventAttributes } from './event-subscriber';
-
-export interface ValidationConfig {
-  /** Max event name length (default: 100) */
-  maxEventNameLength: number;
-  /** Max attribute key length (default: 100) */
-  maxAttributeKeyLength: number;
-  /** Max attribute value length for strings (default: 1000) */
-  maxAttributeValueLength: number;
-  /** Max total attributes per event (default: 50) */
-  maxAttributeCount: number;
-  /** Max nesting depth for objects (default: 3) */
-  maxNestingDepth: number;
-  /** Sensitive field patterns to redact */
-  sensitivePatterns: RegExp[];
-}
-
-const DEFAULT_CONFIG: ValidationConfig = {
-  maxEventNameLength: 100,
-  maxAttributeKeyLength: 100,
-  maxAttributeValueLength: 1000,
-  maxAttributeCount: 50,
-  maxNestingDepth: 3,
-  sensitivePatterns: [
-    /password/i,
-    /secret/i,
-    /token/i,
-    /api[_-]?key/i,
-    /access[_-]?key/i,
-    /private[_-]?key/i,
-    /auth/i,
-    /credential/i,
-    /ssn/i,
-    /credit[_-]?card/i,
-  ],
-};
-
-export class ValidationError extends Error {
-  constructor(message: string) {
-    super(message);
-    this.name = 'ValidationError';
-  }
-}
-
-/**
- * Validate and sanitize event name
- * Throws ValidationError if invalid
- */
-export function validateEventName(
-  eventName: string,
-  config: ValidationConfig = DEFAULT_CONFIG,
-): string {
-  // Check type
-  if (typeof eventName !== 'string') {
-    throw new ValidationError(
-      `Event name must be a string, got ${typeof eventName}`,
-    );
-  }
-
-  // Check non-empty
-  const trimmed = eventName.trim();
-  if (trimmed.length === 0) {
-    throw new ValidationError('Event name cannot be empty');
-  }
-
-  // Check length
-  if (trimmed.length > config.maxEventNameLength) {
-    throw new ValidationError(
-      `Event name too long (${trimmed.length} chars). ` +
-        `Max: ${config.maxEventNameLength}`,
-    );
-  }
-
-  // Check valid characters (alphanumeric, dots, underscores, hyphens)
-  if (!/^[a-zA-Z0-9._-]+$/.test(trimmed)) {
-    throw new ValidationError(
-      `Event name contains invalid characters: "${trimmed}". ` +
-        'Use only letters, numbers, dots, underscores, and hyphens.',
-    );
-  }
-
-  return trimmed;
-}
-
-/**
- * Validate and sanitize attributes
- * Returns sanitized attributes (sensitive data redacted)
- */
-export function validateAttributes(
-  attributes: EventAttributes | undefined,
-  config: ValidationConfig = DEFAULT_CONFIG,
-): EventAttributes | undefined {
-  if (attributes === undefined || attributes === null) {
-    return undefined;
-  }
-
-  // Check type
-  if (typeof attributes !== 'object' || Array.isArray(attributes)) {
-    throw new ValidationError('Attributes must be an object');
-  }
-
-  // Count attributes
-  const keys = Object.keys(attributes);
-  if (keys.length > config.maxAttributeCount) {
-    throw new ValidationError(
-      `Too many attributes (${keys.length}). ` +
-        `Max: ${config.maxAttributeCount}`,
-    );
-  }
-
-  // Validate and sanitize each attribute
-  const sanitized: EventAttributes = {};
-
-  for (const key of keys) {
-    // Validate key
-    if (key.length > config.maxAttributeKeyLength) {
-      throw new ValidationError(
-        `Attribute key too long: "${key.slice(0, 20)}..." ` +
-          `(${key.length} chars). Max: ${config.maxAttributeKeyLength}`,
-      );
-    }
-
-    const value = attributes[key];
-
-    // Redact sensitive *strings* only. Numeric/boolean values are not
-    // credentials and replacing them with the literal string '[REDACTED]'
-    // both leaks no useful signal and breaks downstream type expectations
-    // (e.g. an LLM `promptTokens` counter becoming a string poisons every
-    // consumer that treats it as a number).
-    const isSensitive =
-      typeof value === 'string' &&
-      config.sensitivePatterns.some((pattern) => pattern.test(key));
-
-    if (isSensitive) {
-      sanitized[key] = '[REDACTED]';
-      continue;
-    }
-
-    sanitized[key] = sanitizeValue(value, config, 1) as
-      | string
-      | number
-      | boolean;
-  }
-
-  return sanitized;
-}
-
-/**
- * Sanitize attribute value (recursive)
- */
-function sanitizeValue(
-  value: unknown,
-  config: ValidationConfig,
-  depth: number,
-): unknown {
-  // Check nesting depth
-  if (depth > config.maxNestingDepth) {
-    return '[MAX_DEPTH_EXCEEDED]';
-  }
-
-  // Handle null/undefined
-  if (value === null || value === undefined) {
-    return value;
-  }
-
-  // Handle primitives
-  if (typeof value === 'string') {
-    if (value.length > config.maxAttributeValueLength) {
-      return value.slice(0, config.maxAttributeValueLength) + '...';
-    }
-    return value;
-  }
-
-  if (typeof value === 'number' || typeof value === 'boolean') {
-    return value;
-  }
-
-  // Handle arrays
-  if (Array.isArray(value)) {
-    return value.map((item) => sanitizeValue(item, config, depth + 1));
-  }
-
-  // Handle objects
-  if (typeof value === 'object') {
-    try {
-      // Check for circular references
-      JSON.stringify(value);
-
-      const sanitized: Record<string, unknown> = {};
-      for (const key in value) {
-        if (Object.prototype.hasOwnProperty.call(value, key)) {
-          const nested = (value as Record<string, unknown>)[key];
-          // See top-level branch above: only string values are redacted.
-          const isSensitive =
-            typeof nested === 'string' &&
-            config.sensitivePatterns.some((pattern) => pattern.test(key));
-
-          sanitized[key] = isSensitive
-            ? '[REDACTED]'
-            : sanitizeValue(nested, config, depth + 1);
-        }
-      }
-      return sanitized;
-    } catch {
-      // Circular reference detected
-      return '[CIRCULAR]';
-    }
-  }
-
-  // Unsupported type (function, symbol, etc.)
-  return `[${typeof value}]`;
-}
-
-/**
- * Validate and sanitize an events event
- * Returns { eventName, attributes } with sanitized values
- */
-export function validateEvent(
-  eventName: string,
-  attributes?: EventAttributes,
-  config?: Partial<ValidationConfig>,
-): { eventName: string; attributes?: EventAttributes } {
-  const fullConfig = { ...DEFAULT_CONFIG, ...config };
-
-  return {
-    eventName: validateEventName(eventName, fullConfig),
-    attributes: validateAttributes(attributes, fullConfig),
-  };
-}
-
-/**
- * Get default validation config (for testing/customization)
- */
-export function getDefaultValidationConfig(): ValidationConfig {
-  return { ...DEFAULT_CONFIG };
-}

package/src/variable-name-inference.test.ts

@@ -1,178 +0,0 @@
-import { describe, it, expect, beforeEach } from 'vitest';
-import {
-  inferVariableNameFromCallStack,
-  clearInferenceCache,
-} from './variable-name-inference';
-
-// Helper function that simulates trace() for testing
-function trace<T>(fn: T): T {
-  const varName = inferVariableNameFromCallStack();
-  // Attach the inferred name to the function for verification
-  (fn as { __inferredName?: string }).__inferredName = varName;
-  return fn;
-}
-
-describe('variable-name-inference', () => {
-  beforeEach(() => {
-    // Clear cache before each test to ensure isolation
-    clearInferenceCache();
-  });
-
-  describe('inferVariableNameFromCallStack', () => {
-    it('should infer variable name from const assignment', () => {
-      const testFunction = trace(() => 'test');
-
-      expect((testFunction as { __inferredName?: string }).__inferredName).toBe(
-        'testFunction',
-      );
-    });
-
-    it('should cache inference results', () => {
-      // Helper to test caching from same location
-      function callFromSameLocation() {
-        const cachedResult = trace(() => 'test');
-        return (cachedResult as { __inferredName?: string }).__inferredName;
-      }
-
-      const result1 = callFromSameLocation();
-      const result2 = callFromSameLocation();
-
-      // Both calls from same location should get same cached result
-      expect(result1).toBe('cachedResult');
-      expect(result2).toBe('cachedResult');
-    });
-
-    it('should gracefully handle errors', () => {
-      // This test verifies that even if something goes wrong,
-      // the function returns undefined rather than throwing
-      expect(() => trace(() => 'test')).not.toThrow();
-    });
-  });
-
-  describe('pattern matching', () => {
-    // These tests verify that the regex patterns work correctly
-    // by creating actual assignments and checking inference
-
-    it('should match const pattern', () => {
-      const myConstVariable = trace(() => 'test');
-      expect(
-        (myConstVariable as { __inferredName?: string }).__inferredName,
-      ).toBe('myConstVariable');
-    });
-
-    it('should handle camelCase names', () => {
-      const myCamelCaseVariableName = trace(() => 'test');
-      expect(
-        (myCamelCaseVariableName as { __inferredName?: string }).__inferredName,
-      ).toBe('myCamelCaseVariableName');
-    });
-
-    it('should handle PascalCase names', () => {
-      const MyPascalCaseName = trace(() => 'test');
-      expect(
-        (MyPascalCaseName as { __inferredName?: string }).__inferredName,
-      ).toBe('MyPascalCaseName');
-    });
-
-    it('should handle snake_case names', () => {
-      const my_snake_case_name = trace(() => 'test');
-      expect(
-        (my_snake_case_name as { __inferredName?: string }).__inferredName,
-      ).toBe('my_snake_case_name');
-    });
-
-    it('should handle names with numbers', () => {
-      const myVariable123 = trace(() => 'test');
-      expect(
-        (myVariable123 as { __inferredName?: string }).__inferredName,
-      ).toBe('myVariable123');
-    });
-
-    it('should handle names with dollar signs', () => {
-      const $myVariable = trace(() => 'test');
-      expect(($myVariable as { __inferredName?: string }).__inferredName).toBe(
-        '$myVariable',
-      );
-    });
-
-    it('should handle names with underscores', () => {
-      const _privateVariable = trace(() => 'test');
-      expect(
-        (_privateVariable as { __inferredName?: string }).__inferredName,
-      ).toBe('_privateVariable');
-    });
-  });
-
-  describe('edge cases', () => {
-    it('should handle multiple spaces in assignment', () => {
-      const spacedVariable = trace(() => 'test');
-      expect(
-        (spacedVariable as { __inferredName?: string }).__inferredName,
-      ).toBe('spacedVariable');
-    });
-
-    it('should handle assignment with no spaces', () => {
-      const noSpaces = trace(() => 'test');
-      expect((noSpaces as { __inferredName?: string }).__inferredName).toBe(
-        'noSpaces',
-      );
-    });
-  });
-
-  describe('caching behavior', () => {
-    it('should cache results for same call location', () => {
-      // Helper function to call from same location multiple times
-      function callFromSameLocation() {
-        const cachedResult = trace(() => 'test');
-        return (cachedResult as { __inferredName?: string }).__inferredName;
-      }
-
-      const result1 = callFromSameLocation();
-      const result2 = callFromSameLocation();
-
-      // Both calls from same source location should return same result
-      expect(result1).toBe('cachedResult');
-      expect(result2).toBe('cachedResult');
-    });
-
-    it('should clear cache when requested', () => {
-      const beforeClear = trace(() => 'test');
-      const result1 = (beforeClear as { __inferredName?: string })
-        .__inferredName;
-
-      clearInferenceCache();
-
-      const afterClear = trace(() => 'test');
-      const result2 = (afterClear as { __inferredName?: string })
-        .__inferredName;
-
-      // Both should infer correctly regardless of cache
-      expect(result1).toBe('beforeClear');
-      expect(result2).toBe('afterClear');
-    });
-  });
-
-  describe('integration with trace pattern', () => {
-    it('should work with factory pattern simulation', () => {
-      // Simulate the factory pattern: trace((ctx) => async () => {})
-      const myFactoryFunction = trace((_ctx: unknown) => async () => {
-        return 'test';
-      });
-
-      expect(
-        (myFactoryFunction as { __inferredName?: string }).__inferredName,
-      ).toBe('myFactoryFunction');
-    });
-
-    it('should work with direct pattern simulation', () => {
-      // Simulate direct pattern: trace(async () => {})
-      const myDirectFunction = trace(async () => {
-        return 'test';
-      });
-
-      expect(
-        (myDirectFunction as { __inferredName?: string }).__inferredName,
-      ).toBe('myDirectFunction');
-    });
-  });
-});

package/src/variable-name-inference.ts

@@ -1,242 +0,0 @@
-/**
- * Variable Name Inference Utility
- *
- * Attempts to infer variable names from const/export const assignments
- * by analyzing the call stack and parsing source code.
- *
- * This is a best-effort approach with graceful degradation - if inference
- * fails for any reason, it returns undefined without breaking the application.
- */
-
-import { readFileSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
-
-interface CallLocation {
-  file: string;
-  line: number;
-  column: number;
-}
-
-/**
- * LRU Cache for inferred variable names
- * Key: "file:line" (e.g., "/path/to/file.ts:42")
- * Value: inferred variable name or undefined
- */
-const inferenceCache = new Map<string, string | undefined>();
-const MAX_CACHE_SIZE = 50;
-
-/**
- * Captures the current call stack
- */
-function captureStackTrace(): string {
-  const originalStackTraceLimit = Error.stackTraceLimit;
-  Error.stackTraceLimit = 10; // Only need first few frames
-
-  const err = new Error('Stack trace capture');
-  const stack = err.stack || '';
-
-  Error.stackTraceLimit = originalStackTraceLimit;
-  return stack;
-}
-
-/**
- * Parses the stack trace to find where trace() was called
- *
- * Stack trace format (Node.js):
- *   at functionName (file:line:column)
- *   at file:line:column
- *
- * We skip frames until we find one that's NOT in functional.ts or this file.
- * We also need to skip one additional frame (the trace/span/instrument function itself)
- * to get to the actual user code.
- */
-function parseCallLocation(stack: string): CallLocation | undefined {
-  const lines = stack.split('\n');
-  let skippedExternalFrame = false;
-
-  for (const line of lines) {
-    // Skip if line contains this file or functional.ts (internal frames)
-    // Be specific about the filename to avoid matching test files
-    if (
-      line.includes('variable-name-inference.ts') ||
-      line.includes('variable-name-inference.js') ||
-      line.includes('functional.ts') ||
-      line.includes('functional.js')
-    ) {
-      continue;
-    }
-
-    // Match various stack trace formats
-    // Format 1: at functionName (file:line:column)
-    // Format 2: at file:line:column
-    const match =
-      line.match(/at\s+(?:.*\s+)?\(?([^:]+):(\d+):(\d+)\)?/) ||
-      line.match(/^.*?([^:]+):(\d+):(\d+)/);
-
-    if (match) {
-      let filePath = match[1]!.trim();
-
-      // Handle file:// URLs (convert to paths)
-      if (filePath.startsWith('file://')) {
-        try {
-          filePath = fileURLToPath(filePath);
-        } catch {
-          continue;
-        }
-      }
-
-      // Skip the first external frame (the trace/span function itself)
-      // We want the frame where the user CALLS trace(), not inside trace()
-      if (!skippedExternalFrame) {
-        skippedExternalFrame = true;
-        continue;
-      }
-
-      return {
-        file: filePath,
-        line: Number.parseInt(match[2]!, 10),
-        column: Number.parseInt(match[3]!, 10),
-      };
-    }
-  }
-
-  return undefined;
-}
-
-/**
- * Reads a specific line from a source file
- */
-function readSourceLine(
-  filePath: string,
-  lineNumber: number,
-): string | undefined {
-  try {
-    // Check if we can access the file system (not available in edge runtimes)
-    if (typeof readFileSync !== 'function') {
-      return undefined;
-    }
-
-    const content = readFileSync(filePath, 'utf8');
-    const lines = content.split('\n');
-
-    // Line numbers are 1-based
-    return lines[lineNumber - 1];
-  } catch {
-    // File doesn't exist, permission denied, or other error
-    return undefined;
-  }
-}
-
-/**
- * Extracts variable name from source code line using regex patterns
- *
- * Supported patterns:
- * - const varName = anyFunction(
- * - export const varName = anyFunction(
- * - let varName = anyFunction(
- * - var varName = anyFunction(
- *
- * Note: This won't work with destructuring assignments or complex patterns
- */
-function extractVariableName(sourceLine: string): string | undefined {
-  // Remove leading/trailing whitespace
-  const trimmed = sourceLine.trim();
-
-  // Pattern: (export)? (const|let|var) varName = anyFunctionCall(
-  // We match any function call, not just trace(), to support wrapper functions
-  const patterns = [
-    // export const varName = anyFunction(
-    /export\s+const\s+([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=\s*[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(/,
-    // const varName = anyFunction(
-    /const\s+([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=\s*[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(/,
-    // export let varName = anyFunction(
-    /export\s+let\s+([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=\s*[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(/,
-    // let varName = anyFunction(
-    /let\s+([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=\s*[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(/,
-    // export var varName = anyFunction(
-    /export\s+var\s+([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=\s*[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(/,
-    // var varName = anyFunction(
-    /var\s+([a-zA-Z_$][a-zA-Z0-9_$]*)\s*=\s*[a-zA-Z_$][a-zA-Z0-9_$]*\s*\(/,
-  ];
-
-  for (const pattern of patterns) {
-    const match = trimmed.match(pattern);
-    if (match && match[1]) {
-      return match[1];
-    }
-  }
-
-  return undefined;
-}
-
-/**
- * Adds an entry to the cache with LRU eviction
- */
-function cacheInference(key: string, value: string | undefined): void {
-  // If cache is full, remove oldest entry (first entry in Map)
-  if (inferenceCache.size >= MAX_CACHE_SIZE) {
-    const firstKey = inferenceCache.keys().next().value;
-    if (firstKey) {
-      inferenceCache.delete(firstKey);
-    }
-  }
-
-  inferenceCache.set(key, value);
-}
-
-/**
- * Main entry point: Attempts to infer the variable name from the call stack
- *
- * This function:
- * 1. Captures the call stack
- * 2. Parses it to find where trace() was called (file + line)
- * 3. Reads that line from the source file
- * 4. Extracts the variable name using regex
- *
- * Returns undefined if inference fails at any step (graceful degradation).
- * Results are cached to avoid repeated file I/O.
- *
- * @returns The inferred variable name, or undefined if inference failed
- */
-export function inferVariableNameFromCallStack(): string | undefined {
-  try {
-    // Capture stack trace
-    const stack = captureStackTrace();
-
-    // Parse stack to find trace() call location
-    const callLocation = parseCallLocation(stack);
-    if (!callLocation) {
-      return undefined;
-    }
-
-    // Check cache
-    const cacheKey = `${callLocation.file}:${callLocation.line}`;
-    if (inferenceCache.has(cacheKey)) {
-      return inferenceCache.get(cacheKey);
-    }
-
-    // Read source line
-    const sourceLine = readSourceLine(callLocation.file, callLocation.line);
-    if (!sourceLine) {
-      return undefined;
-    }
-
-    // Extract variable name
-    const variableName = extractVariableName(sourceLine);
-
-    // Cache result (even if undefined, to avoid repeated failed attempts)
-    cacheInference(cacheKey, variableName);
-
-    return variableName;
-  } catch {
-    // Graceful degradation - don't break the app if inference fails
-    return undefined;
-  }
-}
-
-/**
- * Clears the inference cache (useful for testing)
- */
-export function clearInferenceCache(): void {
-  inferenceCache.clear();
-}